Virus infection of computers and computer systems is a growing problem. Recently there have been many high profile examples where computer viruses have spread rapidly around the world causing many millions of pounds worth of damage in terms of lost data and lost working time.
Computer viruses are spread in many different ways. Early viruses were spread by the copying of infected files onto floppy disks, and the transfer of the file from the disk onto a previously uninfected computer. When the user tries to open the infected file, the virus is triggered and the computer infected. More recently, viruses have in addition been spread via the Internet, for example using e-mail. In the future it can be expected that viruses will be spread by the wireless transmission of data, for example by communications between mobile communication devices using a cellular telephone network.
Various anti-virus applications are available on the market today. These tend to work by maintaining a database of signatures or fingerprints for known viruses. With a “real time” scanning application, when a user tries to perform an operation on a file, e.g. open, save, or copy, the request is redirected to the anti-virus application. If the application has no existing record of the file, the file is scanned for known virus signatures. If a virus is identified in a file, the anti-virus application reports this to the user, for example by displaying a message in a pop-up window. The anti-virus application may then add the identity of the infected file to a register of infected files. Access to the file is denied. When a subsequent operation on the file is requested, the anti-virus application first checks the register to see if the file is infected. If it is infected, the access is denied. If the file is not infected, access is permitted (the anti-virus application may re-check the file if it detects that the file has changed since the previous check was performed).
The approach described in the preceding paragraph for preventing access to infected files is relatively complex and requires a detailed understanding of the workings of the operating system. It also requires some modification to the operating system. Whilst this is allowed (to some extent) by the Microsoft Windows™ operating system, providers of other operating systems may be more reticent to allow interference with their operating systems as this in itself presents a potential security risk.
In order to overcome some of the problems, devices may be provided with only an “on-demand” anti-virus scanning application. A user must specifically direct the scanner to scan one file or a group of files. As the application does not have direct access to the operating system, it is not possible to redirect subsequent requests to access an infected file to the anti-virus application. The only option to prevent infection therefore are disinfection of an infected file or, if this is not possible or desirable, deletion of the infected file.